1. Technical Field
The present invention relates generally to a referer verification apparatus and method. More particularly, the present invention relates to a referer verification apparatus and method which control web traffic having malicious code.
2. Description of the Related Art
Technology for detecting malicious code is based on a host or a network, or is present in a hybrid form. Also, anti-virus products are mainly used to detect malicious code in a Personal Computer (PC).
Host-based technology for detecting malicious code can observe a larger amount of information than network-based technology can, so that malicious code can be detected more precisely. However, this technology is disadvantageous in that performance deteriorates because internal PC resources are consumed. Further, since current anti-virus products mainly operate based on signatures, there is a disadvantage in that a lot of time may be required to detect or block code suspected of being malicious.
In addition to the above disadvantages, and considering that recent malicious code behaves much like a normal application on the PC while performing network communication, technologies for detecting malicious code based on a network have been proposed.
For example, the paper “NetGator: Malware Detection Through Program Interactive Proofs” is intended to detect malicious code (malware) by distinguishing web browser software, which uses Hypertext Transfer Protocol (HTTP)/Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS), from malware using a technique called authentication code execution verification. This technology then blocks malicious code traffic by means of such detection, but is problematic in that other normal applications are not verified.
Further, U.S. patent application Ser. No. 757,675 (Malware Detector) improves user convenience by authenticating applications, but it is problematic in that not all HTTP traffic is necessarily authenticated, regardless of the protocol used by an application.